ggshield hmsl check
Please note that Has My Secret Leaked features are currently in beta.
Description
Check if secrets have leaked.
ggshield hmsl check [OPTIONS] PATH
Note: Secrets can be read from stdin using ggshield hmsl check -
.
Options
--format [text|json]
: Format to use for the output.--json
: Shorthand for--format json
.-f
,--full-hashes
: Put the full hashes into the payload instead of the prefixes. This is useful for partners that trust GitGuardian because it allows to send more hashes per batch, and consumes less credits.-n
,--naming-strategy [censored|cleartext|none|key]
: Strategy to generate the hints in the output.censored
: only the first and last characters are displayed.cleartext
: the full secret is used as a hint (Not recommended!).none
: no hint is generated.key
: the key name is selected if available (e.g. in .env files), otherwise censored is used.
Default:
key
.-t
,--type [file|env]
: Type of input to process.file
: the input is a simple file containing secrets.env
: the input is a file containing environment variables.
Default:
file
.
This command supports all ggshield global options.
Example
Given a secrets.txt
file containing:
sup3rstr0ngpass1ForGG
hjshnk5ex5u34565AWS654/JKGjhz545d89sjkja
hjshmq1no2v59001AWS792/PMDaax001t52sjkja
$ ggshield hmsl check secrets.txt
Collecting secrets...
Collected 3 secrets.
Querying HasMySecretLeaked...
97 credits left for today.
Found 2 leaked secrets.
> Secret 1
Secret name: "hjshnk5**************************89sjkja"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 96
First occurrence:
URL: "https://github.com/ChrisJStone/gitflow-cjs/commit/1c9b5b4286361ee88d64305e5a0080f03570cc5e#diff-02557643ffc95ebd4d6d5a96c612319db32179d87b36cb1f78d2f4305c80b994R10"
> Secret 2
Secret name: "sup3*************orGG"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 33
First occurrence:
URL: "https://github.com/akansha-nec/Sample2/commit/b06ae6b5e0869657faff9aef37fe2a1afc39370f#diff-9d6176320759464781692ac6ec7d84d987716bad52218e13ac3219c6004e630fR4"
Here’s an additional example when nothing is found:
$ ggshield hmsl check secrets2.txt
Collecting secrets...
Collected 1 secrets.
Querying HasMySecretLeaked...
99 credits left for today.
All right! No leaked secret has been found.